Back to skill

Security audit

rh-skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed RunningHub media-generation integration with expected API-key and external-service use, and no evidence of hidden or unrelated behavior.

Install this only if you intend to use RunningHub through RHMCP. Review the external GitHub project before running npm install/build, protect your RUNNINGHUB_API_KEY, and avoid submitting private prompts or media unless you are comfortable sending them to RunningHub.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly supports media upload and `network` storage but does not instruct the agent to warn the user or obtain consent before sending user-provided images/audio to an external service. In this context, the omission is security-relevant because the skill is specifically designed to process user media through RunningHub, so users may unknowingly disclose sensitive content to a third party.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The sceneMapping entries include broad natural-language triggers such as '生成图片', '画画', and '画一张图', which can overlap with ordinary user phrasing. In an agent-routing context, overly broad triggers can cause unintended skill invocation, sending user prompts into media-generation workflows when the user did not explicitly intend tool use.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The sceneIndex duplicates several vague aliases like '画画', '改图', and '生成图片' without contextual constraints, reinforcing the same overbroad routing behavior at the global index layer. Because this file is used for recommended app selection, ambiguous matches could silently steer users into the wrong app or trigger tool execution from conversational language alone.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.